autoconf
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNU M4 1.4.8 released


From: Eric Blake
Subject: GNU M4 1.4.8 released
Date: Mon, 20 Nov 2006 21:50:52 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Thunderbird/1.5.0.8 Mnenhy/0.7.4.666

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The GNU M4 Team is pleased to announce the release of GNU M4 1.4.8.

GNU `m4' is an implementation of the traditional Unix macro processor.
It is mostly SVR4 compatible, although it has some extensions (for
example, handling more than 9 positional parameters to macros).  `m4'
also has built-in functions for including files, running shell
commands, doing arithmetic, etc.  Autoconf needs GNU `m4' for
generating `configure' scripts, but not for running them.

This release fixes a memory allocation overflow bug that could
potentially be exploited for arbitrary code execution on 32-bit
platforms.  It has several command line improvements, and adds a new
macro `mkstemp'.  It also improves error reporting of multi-line macro
invocations to track the line where the macro name appears.

The changes in this version trigger spurious testsuite failures in the
Autoconf 2.60 testsuite; if you use GNU Autoconf, it is suggested that
you upgrade to Autoconf 2.61 after upgrading to M4 1.4.8.

New in 1.4.8: 20 Nov 2006

* The `divert' macro and `-H'/`--hashsize' command line option no longer
  cause a core dump when handed extra large values.  Also, `divert' now
  uses memory proportional to the number of diversions in use, rather than
  to the maximum diversion number encountered, so that large diversion
  numbers are less likely to exhaust system memory; and is no longer
  limited by the maximum number of file descriptors.
* The `--help' and `--version' command line options now consistently
  override all earlier options.  For example, `m4 --debugfile=trace
  --help' now no longer accidentally creates an empty file `trace'.
* The `-L'/`--nesting-limit' command line option can now be set to 0
  to remove the default limit of 1024.  However, it is still possible that
  heavily nested input can cause abrupt program termination due to stack
  overflow.
* Problems encountered when writing to standard error, such as with the
  `errprint' macro, now always cause a non-zero exit status.
* Warnings and errors issued during macro expansion are now consistently
  reported at the line where the macro name was detected, rather than
  where the close parenthesis resides.  Text wrapped by `m4wrap' now
  remembers the location that was in effect when m4wrap was invoked,
  rather than changing to line 0 and the empty string for a file.  The
  macros `__line__' and `__file__' now work correctly even as the last
  token in an included file.
* The `builtin' and `indir' macros now transparently handle builtin
  tokens generated by `defn'.
* When diversions created by the `divert' macro collect enough text that
  M4 must use temporary files, the environment variable $TMPDIR is now
  consulted, and a better effort is made to clean up those files in the
  event of a fatal signal.
* The `mkstemp' builtin is added with the same GNU semantics as `maketemp',
  based on the recommendation of POSIX to deprecate the POSIX semantics of
  `maketemp' as inherently insecure.  In GNU mode (no -G supplied on the
  command line), `maketemp' silently retains the secure GNU semantics, but
  a future release of M4 will change this to emit a warning.  In
  traditional mode (m4 -G), `maketemp' now uses the POSIX-mandated insecure
  semantics, and issues a warning that you should convert your script to
  use `mkstemp' instead.  Additionally, `mkstemp' and `maketemp' are now
  well-defined even if the template argument does not end in six `X'
  characters.
* The manual has been improved, including a new section on a composite
  macro `foreach'.
* The `changecom' and `changequote' macros now treat an empty second
  argument the same as if it were missing, rather than using the empty
  string and making it impossible to end a comment or quote.
* The `translit' macro now operates in linear instead of quadratic time,
  and is now eight-bit clean.
* The `-D', `-U', `-s', and `-t' command line options now take effect
  after any files encountered earlier on the command line, rather than up
  front, as is done in traditional implementations and required by POSIX.

m4-1.4.8 is available now from ftp.gnu.org, along with diffs and
xdeltas against m4-1.4.7 that are also available from ftp.gnu.org.
Please use a mirror to reduce stress on the main gnu machine:

  http://www.gnu.org/order/ftp.html

Here are the compressed sources:

  ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.gz    [708 kB]
  ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.bz2   [567 kB]

Here are the xdeltas and diffs against m4-1.4.7:

  ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.diff.gz   [247 kB]
  ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.xdelta    [151 kB]

Here are the gpg detached signatures:

  ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.gz.sig
  ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.bz2.sig
  ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.diff.gz.sig
  ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.xdelta.sig

You should download the signature named after any tarball you download,
and then verify its integrity with, for example:

  gpg --verify m4-1.4.8.tar.gz.sig

If that command fails because you don't have the required public key,
then run this command to import it:

  gpg --keyserver wwwkeys.pgp.net --recv-keys F4850180

Here are the MD5 and SHA1 checksums:

  66542b27c0ffa7513b52aed0ce5d784c m4-1.4.8.tar.gz
  6bbf917e5d8fab20b38d43868c3944d3 m4-1.4.8.tar.bz2
  89481e5d534cffa053e3b6269a841a63 m4-1.4.7-1.4.8.diff.gz
  a2ea9d7bcab8edffb61ba9ca0a061ae1 m4-1.4.7-1.4.8.xdelta
  32b5bb526de9315d1a319c2ca8eb881d9b835506 m4-1.4.8.tar.gz
  31589415022c2842f62f3b91186bc9e0a9a8e1a1 m4-1.4.8.tar.bz2
  7bf252456cb2c645c03de9036e24106bc4363d73 m4-1.4.7-1.4.8.diff.gz
  cca8208b1e875737c8bdc9bb0fedb50cdcd4c80a m4-1.4.7-1.4.8.xdelta

This release was bootstrapped with Autoconf 2.61, Automake 1.10, and
CVS Gnulib from Nov 20, 2006.

Alternatively, you can fetch the unbootstrapped sourcecode from
anonymous cvs by using the following commands:

  $ export CVS_RSH=ssh
  $ cvs -z3 -d :pserver:address@hidden:/sources/m4 \
  co -r m4-1_4_8 m4

You will then need to have recent release versions of Automake (at
least 1.9.x) and Autoconf (at least 2.60) installed to bootstrap the
checked out sources yourself.

Please report bugs to <address@hidden>, along with the output of 'make
check' and any other information that might be useful in resolving the
issue.

- --
Eric Blake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFYoWs84KuGfSFAYARAu+hAKCo1srTMhUvGVIlsV6HDgVnD6JP9gCcCC/Z
za5JbxqESEULLFEHBj7E9Ew=
=fHq6
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]